OT: how to block emails sent to too many recipients
murray at tlabs.ac.za
Mon Dec 20 14:49:56 GMT 2010
Denis Beauchemin wrote:
> Hello all,
> Someone seems to have found a way to use one of our MS servers to send spam. Each spam is sent to more than 199 recipients and the envelope from is never from our domain.
> I would like to block them but I am not sure how… I didn’t find anything in sendmail (except milter-limit which denies emails I have to deliver). I am now looking to SA.
> Does anyone know how to get the nrcpts= value found on the from= sendmail log line?
> PS: the spam is sent through our webmail (Horde). I cannot stop delivering emails from those servers.
Not necessarily entirely helpful but maybe my story might in some way help you.
We got nailed similarly in our squirrelmail setup with a bunch of clowns
having bad passwords (username=password).
squirrelmail very nicely places the logged-in username in the mail header.
So in exim we parse the header and if the user is one of those users, we block
all sending from webmail, but only sending from webmail, sending via other means is still permitted.
Maybe you could try blocking the mails from certain users sent via horde, as opposed to changing settings
for all users ?
use it, dont use it, up to you .....
yay my first post to this list hopefully uselful ;-)
> Denis Beauchemin, analyste
> Université de Sherbrooke, S.T.I.
> T: 819.821.8000x62252 F: 819.821.8045
| ____ ____ _ _ ____ __ __ ____ __ | Sean Murray |
|(_ _)(_ _)( )_( )( ___)( \/ )( _ \ /__\ | Facilitator of Research Science |
| _)(_ )( ) _ ( )__) ) ( ) _ < /(__)\ | iThemba LABS |
|(____) (__) (_) (_)(____)(_/\/\_)(____/(__)(__)| Cape Town, South Africa |
|( ) /__\ ( _ \/ __) | Voice : +27 21 8431056 |
| )(__ /(__)\ ) _ <\__ \ | Fax : +27 21 8433525 |
|(____)(__)(__)(____/(___/ | |
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2997 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101220/fa556751/smime.bin
More information about the MailScanner